TRNDP010 



CLAIMS 

1. In a distributed network having a number of server computers and associated 
client devices, a network virus defense system, comprising: 

a network virus/worm sensor operable in a number of modes arranged to 
detect a computer virus or a computer worm in the network; and 

a network virus sensor self registration module coupled to the network 
virus/worm sensor arranged to automatically self register the associated network 
virus/worm sensor. 

2. A system as recited in claim 1, wherein during an initialization phase 
of the network virus/worm sensor, the network virus/worm self registration module 
collects selected network environmental information and network configuration 
information. 

3. A system as recited in claim 2, wherein when the network is an IP 
based type network, the selected network environmental information includes an IP 
address for all of the relevant client devices included in the network. 

4. A system as recited in claim 3, wherein the network configuration 
information includes self configuration information related to an appropriate IP 
address for the network virus/worm sensor. 

5. A system as recited in claim 4, wherein the network configuration 
information includes locations of all relevant server computers. 

6. A system as recited in claim 5, wherein selected ones of the relevant 
server computers are identified as controllers. 

7. A system as recited in claim 6, wherein each of the identified 
controllers includes a rules engine used to store and source a plurality of detection 
rules for detecting computer viruses and worms and an outbreak prevention policy 
(OPP) distribution and execution engine that provides a set of anti-virus policies, 
protocols, and procedures suitable for use by a system administrator for both 
preventing viral outbreaks and repairing any subsequent damage caused by a viral 
outbreak. 

8. A system as recited in claim 7, wherein during the initialization phase, 
each of the rules engines associated with each of the identified controllers are updated 
with a set of detection rules for detecting computer viruses and worms. 

9. A system as recited in claim 7, wherein during the initialization phase, 
each of the outbreak prevention policy distribution and execution engines associated 
with each of the identified controllers are updated with a set of anti-virus policies, a 
set of anti-virus protocols, and a set of anti-virus procedures. 

10. A system as recited in claim 1, wherein in a first mode the bandwidth 
of the network is substantially unaffected by the network virus/monitor sensor 
wherein when the network virus/worm sensor detects a computer virus or a computer 
worm, the virus/worm sensor switches to a second mode such that only those data 
packets infected by the computer virus are not returned to the network. 

11. In a distributed network having a number of server computers and 
associated client devices, a method of self registering a network virus defense system, 
that includes a network virus/worm sensor operable in a number of modes arranged to 
detect a computer virus or a computer worm in the network, comprising: 

automatically self registering the associated network virus/worm sensor by a 
network virus sensor self registration module coupled to the network virus/worm 
sensor. 

12. A method as recited in claim 11, further comprising: 

during an initialization phase, collecting selected network environmental 
information and network configuration information by the network virus/worm self 
registration module. 

13. A method as recited in claim 12, wherein when the network is an IP 
based type network, the selected network environmental information includes an IP 
address for all of the relevant client devices included in the network. 

14. A method as recited in claim 13, wherein the network configuration 
information includes self configuration information related to an appropriate IP 
address for the network virus/worm sensor. 

15. A method as recited in claim 14, wherein the network configuration 
information includes locations of all relevant server computers. 



16. A method as recited in claim 15, wherein selected ones of the relevant 
server computers are identified as controllers. 

17. A method as recited in claim 6, wherein each of the identified 
controllers includes a rules engine used to store and source a plurality of detection 
rules for detecting computer viruses and worms and an outbreak prevention policy 
(OPP) distribution and execution engine that provides a set of anti-virus policies, 
protocols, and procedures suitable for use by a system administrator for both 
preventing viral outbreaks and repairing any subsequent damage caused by a viral 
outbreak. 

18. A method as recited in claim 17, further comprising: 

during the initialization phase, 
updating each of the rules engines associated with each of the identified 
controllers with a set of detection rules for detecting computer viruses and worms. 

19. A method as recited in claim 17, further comprising: 

during the initialization phase, 
updating each of the outbreak prevention policy distribution and execution 
engines associated with each of the identified controllers with a set of anti-virus 
policies, a set of anti-virus protocols, and a set of anti-virus procedures. 

20. A method as recited in claim 1, wherein in a first mode the bandwidth 
of the network is substantially unaffected by the network virus/monitor sensor 
wherein when the network virus/worm sensor detects a computer virus or a computer 
worm, the virus/worm sensor switches to a second mode such that only those data 
packets infected by the computer virus are not returned to the network. 

21. In a distributed network having a number of server computers and 
associated client devices, computer program product for self registering a network 
virus defense system, that includes a network virus/worm sensor operable in a 
number of modes arranged to detect a computer virus or a computer worm in the 
network, comprising: 

computer code for automatically self registering the associated network 
virus/worm sensor by a network virus sensor self registration module coupled to the 
network virus/worm sensor; and 

computer readable medium for storing the computer code. 

22. Computer program product as recited in claim 21, further comprising: 

computer code for collecting selected network environmental information and 
network configuration information by the network virus/worm self registration 
module during an initialization phase. 

23. Computer program product as recited in claim 22, wherein when the 
network is an IP based type network, the selected network environmental information 
includes an IP address for all of the relevant client devices included in the network. 

24. Computer program product as recited in claim 23, wherein the network 
configuration information includes self configuration information related to an 
appropriate IP address for the network virus/worm sensor. 

25. Computer program product as recited in claim 24, wherein the network 
configuration information includes locations of all relevant server computers. 

26. Computer program product as recited in claim 25, wherein selected 
ones of the relevant server computers are identified as controllers. 

27. Computer program product as recited in claim 26, wherein each of the 
identified controllers includes a rules engine used to store and source a plurality of 
detection rules for detecting computer viruses and worms and an outbreak prevention 
policy (OPP) distribution and execution engine that provides a set of anti-virus 
policies, protocols, and procedures suitable for use by a system administrator for both 
preventing viral outbreaks and repairing any subsequent damage caused by a viral 
outbreak. 

28. Computer program product as recited in claim 27, further comprising: 

during the initialization phase, 
updating each of the rules engines associated with each of the identified 
controllers with a set of detection rules for detecting computer viruses and worms. 

29. Computer program product as recited in claim 27, further comprising: 

computer code for updating each of the outbreak prevention policy 
distribution and execution engines associated with each of the identified controllers 
with a set of anti-virus policies, a set of anti-virus protocols, and a set of anti-virus 
procedures during the initialization phase. 

30. Computer program product as recited in claim 21, wherein in a first 
mode the bandwidth of the network is substantially unaffected by the network 
virus/monitor sensor wherein when the network virus/worm sensor detects a 
computer virus or a computer worm, the virus/worm sensor switches to a second 
mode such that only those data packets infected by the computer virus are not 
returned to the network. 